[
Date Prev][
Date Next][
Thread Prev][
Thread Next][
Date Index][
Thread Index]
[
List Home]
|
Re: [cross-project-issues-dev] Two versions of ASM 9.3.0
|
A really hard to detect problem may appear if the code that used signed classes will get in contact with code loaded unsigned. While that this doesn't matter from compiler POV, and the actual code is identical, at runtime the classes and packages will be incompatible. I remember we had something like this in our code that used one ASM version from platform and another one coming from Xtext, at runtime both were loaded and we had verify errors where VM complained about incompatible class loaded or bad operand type on stack or something similar (asm bundles are not singletons and multiple bundle versions may coexist in one installation).
So ideally we shouldn't mix multiple ASM bundles in one release.
Am 19. April 2022 21:23:21 MESZ schrieb Jonah Graham <jonah@xxxxxxxxxxxxxxxx>:
>Hi folks,
>
>Not sure where this question goes.
>
>At the moment Eclipse Platform consumes ASM directly from Maven, which
>means the version it has in its I-builds is 9.3.0[1] - GPG signed.
>
>Orbit also has ASM 9.3.0, made in the same way as 9.2.0 and previous
>releases. This means Orbit contributes version 9.3.0.v20220409-0157[2] -
>jar signed.
>
>I am concerned this means we can end up with both versions in SimRel a bit
>too easily.
>
>What, if anything, should we do about this? Is this the expected outcome?
>
>Jonah
>
>
>[1]
>https://download.eclipse.org/eclipse/updates/4.24-I-builds/I20220418-1800/plugins/org.objectweb.asm_9.3.0.jar
>[2]
>https://download.eclipse.org/tools/orbit/downloads/drops/I20220415103937/repository/plugins/org.objectweb.asm_9.3.0.v20220409-0157.jar
>
>
>
>~~~
>Jonah Graham
>Kichwa Coders
>www.kichwacoders.com
--
Kind regards,
Andrey Loskutov
https://www.eclipse.org/user/aloskutov
Спасение утопающих - дело рук самих утопающих
